How to install it on a clean server can be found in this article.
In this tutorial, we'll look at how to install WireGuard in a Docker container using Docker Compose.
Let's install Docker.
But first, you need to update the OS packages.
apt update
Install the necessary packages and add a new repository:
apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Update the packages with the new repository:
apt update
Now let's install Docker itself.
apt-get install docker-ce docker-ce-cli containerd.io
Let's check the version:
docker --version
Check status:
systemctl status docker
If it did not start, then run:
systemctl start docker
And add to autorun.
systemctl enable docker
Install Docker Compose
For this project, version 1.25 will be enough for us.
curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Set permissions to launch.
chmod +x /usr/local/bin/docker-compose
Check that Docker Compose was installed:
docker-compose --version
Add a Linux user to the docker group:
usermod -aG docker $USER
Let's create a *.yaml file for Docker Compose.
To keep track of what we have installed, let's create a separate folder for this project in the /opt directory and change into it.
mkdir /opt/wireguard-server && cd /opt/wireguard-server
You can also use your /home directory to host this and other projects.
Let's use the linuxserver repository to create the docker-compose.yaml file at https://hub.docker.com/r/linuxserver/wireguard
Create a docker-compose.yaml or docker-compose.yml file:
vim docker-compose.yaml
And add the following code to it:
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Amsterdam
      - SERVERURL=auto
      - SERVERPORT=32334
      - PEERS=1
      - PEERDNS=1.1.1.1
      - INTERNAL_SUBNET=10.10.10.0
      - ALLOWEDIPS=0.0.0.0/0
      - LOG_CONFS=true
    volumes:
      - /opt/wireguard-server/config:/config
      - /lib/modules:/lib/modules
    ports:
      - 32334:32334/udp
      - 51280:51280/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: always
Where:
container_name: name of your container;
TZ=: time zone, you can change it to the desired one, but for anonymity it is better to leave Europe/Amsterdam;
SERVERPORT=: random port on which your VPN will work. It will also need to be registered in ports.
PEERS=: number of users. They can be increased to the required amount;
32334:32334/udp 51280:51280/udp - forwarded ports.
Start the container. You need to be in the directory where the file was created, in this case /opt/wireguard-server/:
docker-compose up -d
Wait for the image to download and the container to deploy.
Then check:
docker-compose ps
or
docker ps
You can also do this with one command in docker:
docker run -d \
--name=wireguard \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
-e PUID=0 \
-e PGID=0 \
-e TZ=Europe/Amsterdam \
-e SERVERURL=auto \
-e SERVERPORT=32334 \
-e PEERS=1 \
-e PEERDNS=1.1.1.1 \
-e INTERNAL_SUBNET=10.10.10.0 \
-e ALLOWEDIPS=0.0.0.0/0 \
-e LOG_CONFS=true \
-p 32334:32334/udp \
-p 51280:51280/udp \
-v /opt/wireguard-server/config:/config \
-v /lib/modules:/lib/modules \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--restart always \
lscr.io/linuxserver/wireguard:latest
To generate a QR code for a smartphone:
docker exec -it wireguard /app/show-peer 1
Where:
1 is the first config/user.
All configuration files and QR codes are located in /opt/wireguard-server/config/peer*
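Each peer configuration holds that client's private key, so the files in this directory should not be readable by group or other users, and with LOG_CONFS=true the peer QR codes are also printed to the container log. The shell functions below are an added example, not part of the original tutorial or the linuxserver project; the function names are made up for illustration, and the paths assume the /opt/wireguard-server layout used above.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit what the setup leaves on disk.
# Assumption: peer material lives under <config>/peer*, as the tutorial states.

# List peer files that group or other users can read. Each peer .conf holds
# that client's WireGuard private key, and the QR image encodes the same config.
exposed_peer_files() {
    conf_dir=$1
    find "$conf_dir" -path "$conf_dir/peer*" -type f \
        \( -perm -040 -o -perm -004 \) -print 2>/dev/null | sort
}

# Remove group/other access from every file and directory under <config>/peer*.
restrict_peer_files() {
    conf_dir=$1
    find "$conf_dir" -path "$conf_dir/peer*" \( -type f -o -type d \) \
        -exec chmod go-rwx {} +
}

# Report compose settings that affect where secrets end up or which image runs.
compose_findings() {
    compose_file=$1
    if grep -Eq '^[[:space:]]*-[[:space:]]*LOG_CONFS=true[[:space:]]*$' "$compose_file"; then
        echo "LOG_CONFS=true: peer QR codes are printed to the container log"
    fi
    if grep -Eq '^[[:space:]]*image:.*:latest[[:space:]]*$' "$compose_file"; then
        echo "image tag is :latest: the image is not pinned to a version"
    fi
}

# Run against the tutorial's paths when called as: sh audit.sh audit [base-dir]
if [ "${1:-}" = "audit" ]; then
    base=${2:-/opt/wireguard-server}
    exposed_peer_files "$base/config"
    compose_findings "$base/docker-compose.yaml"
fi
```

An empty result from exposed_peer_files means no peer file is readable by group or others; run restrict_peer_files on the config directory if it lists anything.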
How to create additional users.
To do this, you just need to change the PEERS directive in the docker-compose.yaml file.
In order for the changes to be applied, we recreate our container:
docker-compose up -d --force-recreate
Also, for anonymity, disable ping on the host server:
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
And apply the changes:
sysctl -p
Happy surfing.